An encryption-decryption device for data storage



1. Field of the Invention 

The present invention relates to an encryption-decryption device for
data storage and in particular relates to a data encryption-decryption device
provided on the data path connecting a data-generating device and a data
storage device to accomplish the purpose of encryption-decryption.

2. Background of the Invention 

In the present day of Internet Communications and Electronic
Commerce, most businesses and personal matters are carried out on public
communication routes. When important or secret information is transmitted
and received on these routes, or stored in media without encryption, the risks
of unauthorized data access and interception exist. When secrecy and
security cannot be assured, the need for data encryption arises. Data
encryption provides a mechanism for protecting data from being unlawfully
obtained on storage media or communication routes. In other words,
encryption is the process of converting original data to data of
incomprehensible form. Being the reverse process of encryption, decryption
involves the operation of transforming the encrypted data back to its original
form. In actual application, data is converted to incomprehensible form
before being transmitted on communication routes (e.g., Internet or Local
Area Network) or kept in storage media. After completing the decryption
process on encrypted data, authorized users obtain usable data in its original
form.

A schematic of the prior art encryption is shown in FIG. 1. Data
storage and access are executed between a Hard Disk and a Central
Processing Unit (CPU). Without the processing power of the CPU 2, Encryption
Software 3 alone cannot perform the encryption process. As a result, CPU 2
compromises its performance by allocating operational resources per
instructions of the Encryption Software 3. To improve the performance of the
CPU 2, the conventional remedy normally involves adding an acceleration chip
4 between CPU 2 and Encryption Software 3. Since the acceleration chip 4 is
not part of the CPU 2, it would require the additional cost of purchasing and
mounting the acceleration chip 4 on the circuit board to raise the performance of
the CPU 2. In addition, the necessity for loading Encryption Software 3 on
CPU 2 decreases the capability thereof, slows down or incapacitates CPU 2 in
executing encryption and, consequently, causes inconvenience in using
Encryption Software 3, especially when the expendable resources or operational
performance of the CPU 2 are insufficient. It becomes desirable to find
solutions to remedy the deficiency.

In order to find a solution, the inventor, after employing a great deal of
time and effort in research, has come up with the present invention for
resolving the efficiency problem associated with employing Figure 1's prior
art configuration for encryption.

Summary of the Invention 

An object of the present invention is to provide a data
encryption-decryption device (an IC chip, for instance) for data
encryption-decryption such that great improvement is attained when host
system resources are relieved of the encryption-decryption process.

Another object of the present invention is to provide a hardware device
for allowing direct flow of data and command, on the data path connecting
the host and the storage device, such that the existence of the data
encryption-decryption device is unknown to either the host or the data
storage device. Since the host, the data encryption-decryption device and the
storage device are substantially connected serially, from the host's
viewpoint the data encryption-decryption device is regarded as the data
storage device. Conversely, from the data storage device's viewpoint, the
data encryption-decryption device is regarded as the host. Thus, as far as data
interface and communication is concerned, the data encryption-decryption
device is invisible. Therefore, compatibility problems do not exist.

The third object of the present invention is to provide a device capable
of making intelligent decisions for distinguishing the types of data received.
For example, if Command or Control signals are detected, the device
understands that encryption or decryption would not be required, whereas
when Data signals are received, the device knows that encryption or
decryption is to be executed. The device's decision capability relieves the
host from making the above decisions, thereby elevating the operational
efficiency.

Another preferred embodiment is to place, between the Main Control 
and the Signal Transmission Line, an Interceptive Device for intercepting 
data to be encrypted or decrypted according to the Main Control instructions. 

Yet another preferred embodiment is to introduce two Data Buffers,
one of which is provided between the data encryption-decryption device and
the data storage device, and the other buffer provided between the data
encryption-decryption device and the data-generating device, for storing
pre-decrypted and encrypted data and pre-encrypted and decrypted data,
respectively.

The following Description and Designation of Drawings are provided 
in order to help understand the features and content of the present invention. 

Brief Description of the Drawings 

The accompanying drawings form a material part of this description,
in which:

FIG. 1 is a schematic block diagram of prior art encryption in
accordance with the present invention.

FIG. 2 is a schematic block diagram showing the relationship between
Data-generating Device, Data Encryption-Decryption Device and Data
Storage Device in the first embodiment of the present invention.

FIG. 3 is a schematic block diagram showing the relationship between
Data-generating Device, Data Encryption-Decryption Device and Data
Storage Device in the second embodiment of the present invention.

FIG. 4 is a schematic block diagram showing the relationship between
Data-generating Device, Data Encryption-Decryption Device and Data
Storage Device in the third embodiment of the present invention.

FIG. 5 is a schematic block diagram showing a preferred embodiment
of the construction of the Data Encryption-Decryption Device in accordance
with the present invention.

Detailed Description of the Preferred Embodiment 

The present invention relates to an encryption-decryption device for
data storage and in particular relates to a data encryption-decryption
hardware device provided serially on the data path connecting a
data-generating device and a data storage device for accomplishing the
encryption-decryption process. The Encryption-Decryption Device provides
a novel encryption-decryption construction for improved data encryption
(and decryption) and universal system adaptation without compromising the
overall system performance.

As shown in Figure 2, the first embodiment of the present invention is
a data encryption-decryption device located on the data path. Being an
encryption-decryption device serially provided on the data path connecting a
data storage device 11 and a data-generating device 13, the data
encryption-decryption device 12 serves as a bridge connecting the data
storage device 11 and the data-generating device 13. The data
encryption-decryption device 12 is capable of performing the
encryption-decryption operations independently without utilizing resources
of the data-generating device 13, such as CPU, DRAM or other system
resources. From the viewpoint of the data storage device 11, the data
encryption-decryption device 12 is regarded as a virtual data-generating
device 13. Similarly, from the viewpoint of the data-generating device 13, the
data encryption-decryption device 12 is treated as a virtual data storage
device 11. As far as data interface and communication is concerned, the data
encryption-decryption device is invisible. Therefore, data communication
between these two devices will function without hindrance.

The above-mentioned data storage device 11 could be any data storage
medium, including such storage media as Hard Disk, Floppy Disk, CD,
Magnetic Tape, CD-RW, MO (Magnetic Optical Drive), Digital Video
Recorder, Flash Memory Card (FC), PCMCIA Card, etc. The
data-generating device 13 could refer to any data-generating device,
including all data-generating, data-processing and data-supplying media such as
Host Computer, Notebook, Microprocessor, Router and Interface Card, etc.
Aided by a software program for encryption-decryption control, the data
encryption-decryption device 12 performs the encryption-decryption
operation independently. This configuration provides excellent results
without compromising overall system performance.

As shown in Figure 3, the second embodiment of the present invention
is a data encryption-decryption device being placed on the data path. In this
embodiment, a data encryption-decryption device 22 in IC chip form is
installed serially on the front end of the designated outgoing transmission
interface inside a data storage device 21 (e.g. Hard Disk, Floppy Disk, Flash
Memory Card, Digital Video Recorder or CD-RW, etc.) such that the control
hardware and drivers of the data storage device 21 require no design change.
In the form of Socket, IDE, PCI, 1394, SCSI, PCMCIA or USB, etc., the
designated outgoing transmission interface allows encryption and decryption
of data transmitted between the data storage device 21 and the
data-generating device 23.

As shown in Figure 4, the third embodiment of the
present invention is a data encryption-decryption device being placed on the
data path. In this embodiment, a data encryption-decryption device 32, in IC
chip form as well, is installed serially on the front end of the designated
outgoing transmission interface, inside a data-generating device 33 (e.g.
Host, Notebook, Microprocessor, Flash Memory Card and Interface Card,
etc.). In the socket form of IDE, PCI, 1394, SCSI, PCMCIA or USB, etc., the
designated outgoing transmission interface allows encryption and decryption
of data transmitted between the data storage device 31 and the
data-generating device 33.

The embodiments in Figures 2 through 4 demonstrate that many
varieties of combination can be adopted by the present invention. The data
encryption-decryption device, in one example, may be a stand-alone
hardware device such as a hub, provided between a data-generating device
and a data storage device. It may be, in other examples, installed inside a
data-generating device or a data storage device. It can be compatible with
IDE, PCI, 1394, SCSI, USB, or other communication interfaces, and it may also
act as a designated interface adapting various communication protocols.
Therefore, the scope of application for the present invention ranges from the
basic data encryption between a single host and its peripheral storage media
to those involving connection and communication on the Local Area
Networks (LANs) and the Internet.

Figure 5 shows a detailed construction of the Data
Encryption-Decryption Device in a preferred embodiment of the present
invention, where a data encryption-decryption device is placed on the data
path connecting a data-generating device 41 and a data storage device 42, an
interceptor 431 is provided such that its one end is connected with said data
path and its other end is connected to the main control 432, said main control
432 is electrically connected to a data-generating control device 433, a data
storage control device 434 and a data encryption-decryption engine 436, said
data encryption-decryption engine 436 is so arranged that its one end is
serially connected to an input buffer 435 which in turn is connected to a
data-generating device 41, and its other end is serially connected to an output
buffer 437 which in turn is connected to a data storage device 42. In addition,
the data-generating control device 433 is electrically connected to the
data-generating device 41 and the data storage control device 434 is
electrically connected to the data storage device 42.

Based on the above configuration, said main control 432 determines
whether incoming data, generated in the data-generating device 41 and
subsequently intercepted by the interceptor 431, is to be encrypted (or
decrypted) or allowed to pass. Accordingly, the Command or Control Signals
are allowed to pass and transmit to the data storage device without
encryption. When the data-generating control device 433, the data storage
control device 434 and the data encryption-decryption engine 436 are
notified of the incoming data, the data-generating control device 433
transmits or receives a Control Signal and acts as an interface between the data
encryption-decryption device and the data-generating device 41. In other
words, the communication mode is determined by the interface of the
data-generating device 41. For instance, if the data-generating device 41 is a
Host and is using the IDE interface for communication, IDE protocol will be the
communication mode. On the other hand, if the host is equipped with and is
using the PCI interface, PCI protocol will become the communication mode.
Similarly, as the data storage control device 434 transmits or receives a
Control Signal and acts as an interface between the data
encryption-decryption device and the data storage device 42, various
communication modes are involved when designated data is being encrypted
or decrypted in response to Control Signals of the main control 44. An input
buffer 435 and an output buffer 437 are provided between the data
encryption-decryption engine 436 and the data-generating device 41 and
between the data encryption-decryption engine 436 and the data storage
device 42, for storing pre-encrypted or decrypted data and pre-decrypted or
encrypted data, respectively. Said data buffers are also capable of converting
the data length. The data-generating device 41 usually has a 1-bit, 8-bit,
16-bit, 32-bit, or 64-bit interface. The input buffer 435 converts incoming
data from the data-generating device 41 for encryption and, after encryption,
the output buffer 437 then transforms the encrypted data for storage in the
data storage device 42.
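
The pass-or-encrypt decision and the input buffer's width conversion described above can be modelled in software. This sketch is an added illustration, not part of the patent text; the frame layout, the sector addressing, and the SHA-256 counter-mode keystream standing in for the unspecified encryption-decryption engine are all assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Frame:
    kind: str            # "command" or "data": the two signal types the main control tells apart
    lba: int = 0         # assumed sector address carried with data frames
    payload: bytes = b""

def pack_words(words, width_bits):
    """Input buffer: turn host-width words (8/16/32/64-bit) into a byte stream."""
    return b"".join(w.to_bytes(width_bits // 8, "little") for w in words)

def keystream(key, lba, n):
    """Stand-in engine (assumption): SHA-256 in counter mode, bound to the sector address."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        block = key + lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:n])

class Bridge:
    """Sits serially between host (41) and storage (42); neither side addresses it."""
    def __init__(self, key):
        self.key = key
        self.disk = {}            # models the storage device: lba -> stored bytes
        self.commands_seen = []   # command frames as the storage device received them

    def _engine(self, lba, data):
        # XOR with the keystream; the same call encrypts and decrypts.
        return bytes(a ^ b for a, b in zip(data, keystream(self.key, lba, len(data))))

    def from_host(self, frame):
        if frame.kind == "command":
            self.commands_seen.append(frame.payload)   # passed through untouched
            return "passed"
        self.disk[frame.lba] = self._engine(frame.lba, frame.payload)
        return "encrypted"

    def to_host(self, lba):
        return self._engine(lba, self.disk[lba])

def demo():
    bridge = Bridge(key=b"\x01" * 32)                  # constructed key
    results = [bridge.from_host(Frame("command", payload=b"\xEC"))]  # constructed command byte
    data = pack_words([0x4548, 0x4C4C, 0x204F], 16)    # 16-bit host words -> b"HELLO "
    results.append(bridge.from_host(Frame("data", lba=7, payload=data)))
    bridge.from_host(Frame("data", lba=8, payload=data))
    return results, data, bridge

if __name__ == "__main__":
    results, data, bridge = demo()
    print(results, bridge.disk[7].hex(), bridge.to_host(7))
```

A keystream that depends only on the key and the sector address repeats whenever a sector is rewritten, so a production engine would use a block-cipher mode designed for storage rather than this stand-in.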

To recap, the present invention discloses a data encryption-decryption
device serially provided on the data path connecting a data-generating device
and a data storage device for encryption-decryption purposes. Since resources
of the data-generating device are not involved in the operation, the data
encryption-decryption device is capable of accomplishing data
encryption-decryption without compromising the overall system performance.
By providing corresponding interface capabilities to accommodate both the
data-generating device and data storage device, the data
encryption-decryption device is transparent to the data-generating devices
and data storage devices. Additionally, by adopting suitable data
transmission protocols and interfaces, between the data-generating devices,
data encryption-decryption device and data storage devices, as the designated
interface, the present invention allows the scope of application to extend
from encryption between the host and the peripheral storage media to those
involving connection and communication on the LANs and the Internet. It is
apparent that the present invention discloses novel configurations and
provides inventive steps over the prior art.

While the invention has been described in terms of several preferred
embodiments, various alternatives and modifications can be devised by those
skilled in the art without departing from the invention. Accordingly, the
present invention is intended to embrace all such alternatives that fall within
the scope of the claims.

What is claimed is:

1. An encryption-decryption device capable of encrypting and
decrypting incoming data, comprising:

a data-generating control device capable of communicating with an
external data-generating device;

a data storage control device capable of communicating with an external
data storage device;

a data encryption-decryption device for providing encrypting and
decrypting functions; and

a control device respectively connecting with the data-generating control
device, the data storage control device and the data
encryption-decryption device for controlling the same, said control
device being capable to determine whether said incoming data need
to be encrypted or decrypted by said data encryption-decryption
device.

2. The device of claim 1, wherein the data-generating device is a host
computer.

3. The device of claim 1, wherein the data-generating device is a notebook
computer.

4. The device of claim 1, wherein the data-generating device is a
microprocessor.

5. The device of claim 1, wherein the data-generating device is an interface
card.

6. The device of claim 1, wherein the data-generating device is a router.

7. The device of claim 1, wherein the data storage device is a hard disk.

8. The device of claim 1, wherein the data storage device is a floppy disk.

9. The device of claim 1, wherein the data storage device is a CD.

10. The device of claim 1, wherein the data storage device is a Magnetic
Optical Drive.

11. The device of claim 1, wherein the data storage device is a Digital Video
Recorder.

12. The device of claim 1, wherein the data storage device is a Flash
Memory Card.

13. The device of claim 1, further comprising an interceptive device
connecting with the main control, said interceptive device being capable
of intercepting incoming data for determining if said incoming data need
to be encrypted or decrypted by said data encryption-decryption device.

14. The device of claim 1, further comprising a data buffer connected
between the data encryption-decryption device and the data-generating
device.

15. An encryption-decryption device connecting with a data storage device
and a data-generating device via predetermined interfaces, wherein said
data encryption-decryption device is a hardware device serially connected
between the data storage device and the data-generating device for acting
as a bridge for data transmitting there between, said data
encryption-decryption device further including a control device and a data
encryption-decryption device for encrypting and decrypting at least part
of the data.

16. The device of claim 15, wherein said data-generating device is a device
choosing from a group consisting of host computer, notebook computer,
microprocessor, interface card, and router.

17. The device of claim 15, wherein said data storage device is a device
choosing from a group consisting of hard disk, floppy, CD, Flash Memory
Card, MO, Digital Video Recorder and PCMCIA.

18. The device of claim 15, wherein said data encryption-decryption device
is an IC chip provided within the data-generating device.

19. The device of claim 16, wherein said data encryption-decryption device
is serially provided on a front end of the interface located in the
data-generating device.

20. The device of claim 15, wherein said data encryption-decryption device
is an IC chip provided within the data storage device.

21. The device of claim 20, wherein said data encryption-decryption device
is serially provided on a front end of the interface located in the data
storage device.

22. The device of claim 15, wherein said interface is choosing from a
group consisting of IDE, PCI, 1394, SCSI, PCMCIA, and USB.

Abstract 

By incorporating a data encryption-decryption device on the data path
connecting a data-generating device and a data storage device, an
encryption-decryption device for data storage is disclosed. Input instruction
coming from the data-generating device determines whether encryption (or
decryption) is to be carried out. If encryption (or decryption) is not called for,
data is forwarded directly to a storage device and no encryption process (or
decryption process) will be performed. When encryption (or decryption) is
required, encryption process (or decryption process) will be executed on the
data encryption-decryption engine provided within the data
encryption-decryption device. The encryption-decryption device provides a
novel encryption-decryption construction for improved data encryption (and
decryption) without compromising the overall system performance.